We had a recent issue whereby a locked thread was successfully posted to by a standard user via Tapatalk. While this is being investigated, I have disabled the Tapatalk Extension.

I have learned through chatting to phpBB support that Tapatalk is still not an officially validated phpBB extension - meaning that it likely uses methods outside of the proper phpBB API to go about its business. I have logged a support request with Tapatalk to ask them to confirm whether or not their extension is interfacing 100% directly through the documented phpBB API. I have also asked them to confirm when they expect to have the extension validated by phpBB.

Right now, I'm of the opinion that we should wait until phpBB officially adds Tapatalk to its Extensions Database before re-implementing the function.

Sorry for the inconvenience. If you know or run other phpBB boards that use Tapatalk, you may wish to consider this information. I will update the thread as and when I get a response.

I don't use Tapatalk, but would like to say few words about some recently locked threads. There is at least 3 where Amiga vs Atari flame war (or at least it looked so) was on. It is indeed boring, and we saw plenty of similar ones, but sometimes it has some positive. Like that some people 'show their cards' in heat of discussion. I don't care much for bad words and insults - was insulted here and everywhere from people with low knowledge. What I care is to raise knowledge level, to discover some new facts and interesting features, possibilities. It is often spoiled by jealous people, and those wgo can not stand that something "their" is not better than something "our" . Even if nobody claimed anything about what is better So, from now I will not go into more silly discussions with proven troublemakers and spreaders of false and impossible claims. Will report their posts with explanation. I think that we have here another one who crossed the line.

Famous Schrodinger's cat hypothetical experiment says that cat is dead or alive until we open box and see condition of poor animal, which deserved better logic. Cat is always in some certain state - regardless from is observer able or not to see what the state is.

Accessing the forum via web on a phone is pretty much useless compared to Tapatalk. Tapatalk is a very popular app, I'm sure it's possible to find out why it's not behaving correctly with this particular forum.

joska wrote:Accessing the forum via web on a phone is pretty much useless compared to Tapatalk. Tapatalk is a very popular app, I'm sure it's possible to find out why it's not behaving correctly with this particular forum.

I understand, we all like the convenience of Tapatalk. Like many admins of many forums, I had assumed they were doing it the right way so installed it because users were asking for it and everyone else had it.

After chatting with one of phpBB's developers on irc about it, he was saying there are all sorts of funny things going on in their code which is why they have not yet approved it as an official extension for phpbb 3.1. Not least of all directly reading and writing to the database as opposed to going via the established API (a huge no-no).

Until I can be sure Tapatalk isn't potentially bypassing the forum's security or ignoring the fact I disabled it in ACP, it will remain off the board.

Another thing to consider is that Tapatalk is now promoting monetisation and potentially looking to target advertising to users. I want to be confident that their plugin is secure before they continue to have access to this forum's members.

Thanks to information from Calimero, I have been able to reproduce the behaviour with phpBB 3.1.5 running on our test server.

Here are my test details:

Tapatalk Testing wrote:1. Browser based test using two separate computers (one logged in as a dummy user account and anther logged in as a dummy moderator account). - Browser 1 logged in as user, starts replying to thread - Browser 2 logged in as mod, locks thread - Browser 1 hits submit - Result: message is not posted and the user is informed the thread is now locked. <--- Expected behaviour

2. TapaTalk test. User is logged in via Tapatalk on iPhone while the moderator is logged in on a PC using a regular browser - Tapatalk user starts replying to a thread - Moderator locks thread - Tapatalk user submits reply - Result: Reply is successfully posted to the thread despite it being locked. <--- Not good!

This looks to me like an issue with Tapatalk not using the phpBB API correctly.

If you know anyone using Tapatalk on their forums, I suggest you make them aware of this potential loophole (there could well be others). They can then make a decision for themselves.

I never used Tapatalk , but it sounds like a right hack to me. A hack with security loopholes at that. Its a wonder Tapatalk hasn't been used as a exploit for the forum, who knows what damage could be done with it.

I used to have tapatalk on my Android phone but only to see what it does when I was working on a tapatalk app for the Atari (PH Forum Notify). It does everything via it's own web services and does not use any PHPBB api at all. Using it's own Tapatalk API allows the app to talk to any Tapatalk able forum regardless of the underlying forum infrastructure. Anyway, I already removed tapatalk app from my android years ago as I found reading and replying on a small screen is very difficult for my failing eyesight... but mostly because I stopped developing tapatalk app for the Atari also years ago.

I never used it to post, like some others the tiny screen on a mobile isn't the best for my eyes. I did however, have it installed just to get the audio/video notifications on my mobile about posts of interest. However, I can live without that.

joska wrote:Accessing the forum via web on a phone is pretty much useless compared to Tapatalk. Tapatalk is a very popular app, I'm sure it's possible to find out why it's not behaving correctly with this particular forum.

I'm also a Tapatalk user. I understand the security concerns, but really hope it can somehow be resolved.

They have gone very quiet. I even had an email from someone else at Tapatalk as they noticed I'd taking the board off and wanted to know what, if anything, they could do. I sent back a reply stating that I'm waiting for a resolution to my bug report and that's the last I heard from them.

As soon as Tapatalk is added to the phpBB extensions database, I'll re-deploy.

Dal wrote:They have gone very quiet. I even had an email from someone else at Tapatalk as they noticed I'd taking the board off and wanted to know what, if anything, they could do. I sent back a reply stating that I'm waiting for a resolution to my bug report and that's the last I heard from them.

As soon as Tapatalk is added to the phpBB extensions database, I'll re-deploy.

FWIW I've started using the mobil web version and while Tapatalk did better notifications it's definitely something I can live with now.

I recently refreshed my installation on the CPCWiki forum (using SMF). Tapatalk has been giving us problems for ages (some are "amusing", like serving photos that don't belong to our forum*, others less so, like it stopping working for no reason then coming back, or the TT console reporting at one point that my installation is ok and at the other that TT has not been installed, stuff like that).

But, imagine my surprise at finding that Tapatalk currently works for my forum.......

.....without having installed it

There's the mobiquo folder left over from the previous forum installation, but no plugin and the forum code is bleached clean. And yet my users are using TT.

Just thought I'd amuse you

*the images it served came from a US gun enthusiasts forum. Now imagine if my forum was for gun victims...